This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
EVSolovyev
Collaborator
‎2021-08-03 09:59 AM
Jump to solution

Update IPS signatures without default

Hello, everyone.

I have moved HA cluster from static to OSPF. HA cluster is installed in the center of the network and receives the default from the upstream router.It turns out that the active node has a default by OSPF, but the passive node does not receive the default. When we switch nodes, the situation is the same. I.e. in SMS, the passive node always gets an error that it cannot connect to CheckPoint to update the databases.

Alternatively, it is possible to write all subnets of update portals by statics. But this is not a good option I think, because the subnets can change.

Maybe you can suggest something more correct?

If I decide to write static routes to the CheckPoint update portal, do you know which subnets are needed? If there is a list, please tell me where to see it.

0 Kudos
1 Solution

Accepted Solutions
4 Replies
PhoneBoy
Admin
Admin
‎2021-08-03 10:08 AM
Jump to solution

I'm pretty sure the passive member should also have the default route as well.
Both members should have the same router-id (cluster address).
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

EVSolovyev
Collaborator
‎2021-08-04 03:59 AM
In response to PhoneBoy
Jump to solution

Hello.

I was check OSPF configuration on both nodes and see no problem in it. The default was added statically, but on standby node I do not see it in routing table.

2021-08-04_134031.jpg

2021-08-04_133839.jpg

0 Kudos
EVSolovyev
Collaborator
‎2021-08-09 03:26 AM
In response to EVSolovyev
Jump to solution

My solution was:

https://community.checkpoint.com/t5/Management/Default-route-on-Standby-Member-not-showing/td-p/8411

2021-08-09_132410.jpg

0 Kudos
EVSolovyev
Collaborator
‎2021-08-09 04:42 AM
In response to PhoneBoy
Jump to solution

"HA cluster is installed in the center of the network and receives the default from the upstream route" - it was incorrect information. The default on the gateway was set statically. The other routes came via OSPF. The IP address of the default route gateway should have been pinged by configuration. For the backup node, this setting means removing the default route from the routing table even if the gateway is pinged.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    Sort by:
    All CloudMates Events